[Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 211-220

Get Full Version of the Exam
http://www.EnsurePass.com/300-209.html

Question No.211

As network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity. Which technology should you use?

  1. IPsec DVTI

  2. FlexVPN

  3. DMVPN

  4. IPsec SVTI

  5. GET VPN

Correct Answer: E

Question No.212

Where do you configure AnyConnect certificate-based authentication in ASDM?

  1. group policies

  2. AnyConnect Connection Profile

  3. AnyConnect Client Profile

  4. Advanced Network (Client) Access

Correct Answer: B

Question No.213

What URL do you use to download a packet capture file in a format which can be used by a packet analyzer?

  1. ftp://lt;hostnamegt;/capture/lt;capture_namegt;/

  2. https://lt;asdm_enabled _interface:portgt;/lt;capture_namegt;/

  3. https://lt;asdm_enabled_interface:portgt;/admin/capture/lt;capture_namegt;/pcap

  4. https://lt;hostnamegt;/lt;capture_namegt;/pcap

Correct Answer: C

Question No.214

Which Cisco ASDM option configures forwarding syslog messages to email?

  1. Configuration gt; Device Management gt; Logging gt; E-Mail Setup

  2. Configuration gt; Device Management gt; E-Mail Setup gt; Logging Enable

  3. Select the syslogs to email, click Edit, and select the Forward Messages option.

  4. Select the syslogs to email, click Settings, and specify the Destination Email Address option.

Correct Answer: A

Question No.215

Which Cisco firewall platform supports Cisco NGE?

  1. FWSM

  2. Cisco ASA 5505

  3. Cisco ASA 5580

  4. Cisco ASA 5525-X

Correct Answer: D

Question No.216

Which statement about CRL configuration is correct?

  1. CRL checking is enabled by default.

  2. The Cisco ASA relies on HTTPS access to procure the CRL list.

  3. The Cisco ASA relies on LDAP access to procure the CRL list.

  4. The Cisco Secure ACS can be configured as the CRL server.

Correct Answer: C

Explanation:

ASA SSLVPN deployment guide:

The security appliance supports various authentication methods: RSA one-time passwords, Radius, Kerberos, LDAP, NT Domain, TACACS, Local/Internal, digital certificates, and a combination of both authentication and certificates.

image

Question No.217

When attempting to tunnel FTP traffic through a stateful firewall that might be performing NAT or PAT, which type of VPN tunneling should you use to allow the VPN traffic through the stateful firewall?

  1. clientless SSL VPN

  2. IPsec over TCP

  3. smart tunnel

  4. SSL VPN plug-ins

Correct Answer: B

Explanation:

IP Security (IPSec) over Transmission Control Protocol (TCP) enables a VPN Client to operate in an environment in which standard Encapsulating Security Protocol (ESP, Protocol 50) or Internet Key Exchange (IKE, User Datagram Protocol (UDP) 500) cannot function, or can function only with modification to existing firewall rules. IPSec over TCP encapsulates both the IKE and IPSec protocols within a TCP packet, and it enables secure tunneling through both Network Address Translation (NAT) and Port Address Translation (PAT) devices and firewalls

Question No.218

Which feature is available in IKEv1 but not IKEv2?

  1. Layer 3 roaming

  2. aggressive mode

  3. EAP variants

  4. sequencing

Correct Answer: B

Question No.219

What are the three primary components of a GET VPN network? (Choose three.)

  1. Group Domain of Interpretation protocol

  2. Simple Network Management Protocol

  3. server load balancer

  4. accounting server

  5. group member

  6. key server

Correct Answer: AEF

Question No.220

In the Cisco ASDM interface, where do you enable the DTLS protocol setting?

  1. Configuration gt; Remote Access VPN gt; Network (Client) Access gt; Group Policies gt; Add or Edit gt; Add or Edit Internal Group Policy

  2. Configuration gt; Remote Access VPN gt; Network (Client) Access gt; AAA Setup gt; Local Users gt; Add or Edit

  3. Device Management gt; Users/AAA gt; User Accounts gt; Add or Edit gt; Add or Edit User Account gt; VPN Policy gt; SSL VPN Client

  4. Configuration gt; Remote Access VPN gt; Network (Client) Access gt; Group Policies gt; Add or Edit

Correct Answer: C

Explanation: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect20/administrativ e/guide/admin/admin5.html

Shows where DTLS can be configured as:

Configurationgt;; Remote Access VPNgt;; Network (Client) Accessgt;; Group Policiesgt;; Add or Edit gt; Add or Edit Internal Group Policy gt; Advanced gt; SSL VPN Client

Configurationgt;; Remote Access VPNgt;; Network (Client) Accessgt;; AAA Setupgt;; Local Users gt; Add or Edit gt; Add or Edit User Account gt; VPN Policy gt; SSL VPN Client

Device Management gt; Users/AAA gt; User Accounts gt; Add or Edit gt; Add or Edit User Account gt; VPN Policy gt; SSL VPN Client

>

Get Full Version of the Exam
300-209 Dumps
300-209 VCE and PDF